Information Security Officer

at  Asseco South Eastern Europe

The group Asseco SEE is the largest operator in South-Eastern Europe in terms of revenue derived from sales of its software and services. We came into being as a result of the integration of the experience, knowledge and solutions of major segment leading IT companies operating in the region. Since the beginning, our company’s subsidiaries focused on developing their own solutions in their market segments. Our mission is to build a trustworthy and profitable global IT company providing our customers with high quality software and services.

MAIN ACCOUNTABILITIES:

Collaborates with Group Information Security Officer to ensure implementation and integration of Group initiatives and policies at the local level;
Responsible for the effective implementation of information security controls in cooperation with IT and Business Unit within company;
Planning and budgeting of information security at the company level in cooperation with Business Unit Managers within the company;
Responsible for the effective implementation of the process of dealing with security incidents;
Performing the Information Security Risk Assessment in cooperation with the Business Unit Managers;
Responsible for risk impact assessment as a basis for the development of a Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP), implementation of the measures and test scenarios that are part of those plans;
Implementation of measures for the technical security and protection measures of personal data in cooperation with Personal Data Protection Officer;
Monitoring and analysis of security events and risks related to the use of information systems within company;
Performs internal and external assessments of vulnerabilities in information systems, scans with automated tools and monitors progress in implementing identified weaknesses;
Responsible for planning and conducting training and information security awareness sessions;
Reviews and monitors outsourcing activities for compliance with related information security policies and guidelines through contract assessment and outsourcing questionnaires;
Provide advice and support for specific information security solutions to the sales and presales teams to support the sales process.

KNOWLEDGE:

Knowledge of computer networks, communication, Internet and working in the cloud
Knowledge of Windows, Linux environment and the principles of virtualization of operating environments
Knowledge of the principles of operation of database management systems will be considered as an advantage
Ability to perform risk based activities
Knowledge of specific information security standards such as PCI DSS and ISO 27001, NIST will be considered as an advantage
Ability to exercise critical human relations skills in establishing and maintaining effective working relations with other management, employees, and external contacts
Understanding of software development methodologies (SDLC, Agile…)
Experience with web application protection and testing will be considered as an advantage
Possession of international certificates in the field of information systems and/or information security such as CISSP, CISM, Security+, and Ethical Hacking will be considered an advantage
Be organized for effective time management and priorities
Honesty, integrity, and trustworthiness
Analytical and problem-solving orientation, creative and critical thinking.

EXPERIENCE

Work experience in the field of information security of at least 3 years or in system administration and maintenance of information systems of at least 5 years

EDUCATION

Bachelor’s degree in informatics, Computer Science or a related field.
Language: Advanced level of the English language, allowing fluent communication, making presentations, preparing complex written statements and documents associated with performed tasks
Driving license B category